Congratulations, you're fired: The dangers of cloud sharing

“You’re fired!” it’s a line we only really expect to hear from Alan Sugar these days, and even then, only for entertainment. Yet recent research reveals that file sync and share challenges could be putting UK employees at risk of hearing these words, or at the very least, of receiving a written warning.

It’s a familiar situation for most employees working in office environments - you have some urgent files that need to be sent to a customer or partner on a tight deadline. The files are too big to be emailed and the person administrating the FTP-Server is, of course, on holiday. Being a hands-on, solution-oriented employee who is well versed with modern technology, you decide to share the files through a cloud-based file sharing solution. With the job done and the customer happy, you might be expecting a pat on the back as a reward not a written warning, or even worse, a letter of termination, but that is the hidden reality for most UK employees.

It sounds unlikely but as companies tighten their guidelines on public cloud usage, following a series of serious security breaches, it is becoming a necessity for companies wanting control and visibility of their data. Recent research commissioned by Connected Data and carried out by independent research company Verve, showed that 22 per cent of UK firms would instantly dismiss staff for using the public cloud for their duties while 40 per cent would issue a written warning and 26 per cent a verbal one. But who is to the blame? The employee might be ignoring the potential risks of using a public cloud service (33 per cent of UK companies have banned staff from using the public cloud entirely) or might simply be unaware of them - (59 per cent of UK companies have not even added guidelines to a staff manual). Conversely, the company’s IT might be at the root of the problem if it does not provide the necessary tools for employees to do their job.

The ‘consumerisation of IT’ has been a visible trend in recent years as consumers expect their work environment to be just as easy to use as their personal environment. Consumer file sync and share solutions have become commonplace and are installed on most devices, from mobiles to laptops. Those services are very useful for sharing personal data with friends and family but are a problem for the IT department, as employees share their corporate files using their personal cloud services and don’t fully understand the risks attached. Pun intended.

Rather than firing staff or sending out written warnings, companies must do a better job warning their employees about the risks of sharing sensitive files and offer solutions that are equally easy to use, but are controlled by the IT department.

Why are public cloud services a risk when sharing data?

The vast majority (91 per cent) of IT decision makers believe that sharing sensitive data in the public cloud poses some level of risk:

Location: Some services are using data centres around the world to physically save their user’s data. But the user does not know the location of where the data is saved. It is even likely that the data is backed up and synched at additional data centres elsewhere. In highly regulated markets, such as finance, insurance, health, and pharmaceuticals, hosting personally identifiable information on public cloud services may violate regulations. In regions with tight data sovereignty regulations, such as the EU, this means that public cloud solutions aren’t even a legally viable solution in many countries.

Security: Certain services also have limited security features compared to enterprise file sync and share solutions and it’s hard to know whether data has been shared with or accessed by the wrong party, which increases risk of insider threats and data theft.

Data Loss: Public cloud services have been known to lose customer files – or fail to back them up at all – meaning that employees run the risk of permanently losing company files, with no way for the IT department to recover them. Even outages could mean company data on the public cloud services is not accessible at the time it is needed.

Compliance: Many industries have compliance regulations, which dictate that certain files have limited access or remain encrypted during transfer. So, with public cloud services, there is an increased risk that employees are unknowingly violating their company’s compliance requirements.

In order to start to control which employee devices are able to sync with a corporate computer, 36 per cent of businesses now have tracking tools in place to monitor their employee’s activity via these platforms. It might be tempting to use public cloud services, but the danger of ‘getting caught’ is getting higher.

Can private cloud solve the problem?

File Sync and Share solutions are available to give employees the tools they need to share files securely and within their company’s compliance guidelines. However, some solutions are often complex to deploy, time-sensitive to administer and expensive, especially for SMBs on a tighter budget than enterprises. An alternative to the unsecure public cloud and complex and costly EFSS solutions are private cloud solutions that offer the same features employees are used to, but with extended security. One of the advantages: The IT department knows exactly where the data is saved - in the company’s own datacentre and within its firewall.

While online file sharing tools are sufficient for sending personal files, there is more doubt around securely managing corporate file transfers. There’s certainly a demand among employees for reliable, user-friendly file transfer options, and IT departments should look to meet this need by providing employees with a highly secure alternative, such as Managed File Transfer (MFT) solutions.

Employee behaviour cannot be changed overnight. The right way to keep data safe is to give employees the work tools they need.

Private cloud solutions eliminate the temptation to use unauthorised public cloud solutions that could put sensitive business information at risk and enable companies to take full responsibility by protecting their sensitive data whilst enabling their employees to do their jobs as efficiently as possible, without running the risk of getting fired for doing their job.